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Description 

Field of the Invention 

[0001] This invention generally relates to data trans- 
mission networks and, more particularly, to virtual local 
area networks. 

Background of the Invention 

[0002] A data network typically includes several 
nodes connected together by a data transport medium. 
One common method of transmitting data between the 
nodes is to break the data up into discrete "packets" of 
data. Packets can be transported over the medium by 
any one of a variety of transport techniques. In applica- 
tions utilizing packetized data, data to be transported 
first is broken up into discrete packets of data, then 
transmitted through the network medium, and finally re- 
assembled at a destination node. In accordance with 
current packet protocol, each packet generally compris- 
es a header and an information field. The header con- 
tains the information used to transport the cell from one 
node to the next while the packet data is contained in 
the information field. Among other information in the 
header is the destination address of the data packet. 
[0003] A local area network (i.e.. "LAN") is a type of 
local data network commonly used in a single office or 
building. LANs are an efficient mechanism for maximiz- 
ing use of network resources by members of the LAN. 
Simple LANs typically include two or more nodes (e.g., 
a server, computer, printer, or other resource) that are 
interconnected by a common physical connection such 
as, for example, a hub. Data switches also may be con- 
nected to the hub for directing data traffic and for con- 
necting the LAN to other data networks. 
[0004] LANs can be inconvenient and expensive to 
maintain. For example, moving a user to another loca- 
tion within a relatively large office building often requires 
that the LAN be rewired and reconfigured. This can be 
cumbersome and expensive. The art has responded to 
this problem by developing virtual local area networks 
(i.e.,"VLANs"). 

[0005] For example, "Virtual LANs' Get Real", Data 
Communications vol. 24 no. 3, pp. 87-99, describes the 
general characteristics and considerations that should 
betaken when building aVLAN. As described in "Virtual 
LANs Get Real", a VLAN is generally defined as a group 
of nodes interconnected by software to form a single log- 
ical broadcast domain. VLANs may be connected to 
nodes that are members of any number of physical LAN 
segments. Among many advantages, VLANs enable 
network administrators to create logical groupings of us- 
ers and network resources, thereby allowing remote us- 
ers and resources to appear as if they are members of 
a single LAN. This enables companies and other organ- 
izations to build dynamic, flexible, and distributed LANs, 
thus simplifying physical moves of a user in a network. 



By way of background, for example, a description of how 
a VLAN may be used to facilitate communication within 
a company may be found in "Virtual LANs Take Network 
to Next Level", Computer Technology Review, Vol. 16, 

5 no. 9, September 1996, page 12-14. Background infor- 
mation regarding VLANs may additionally be found in 
"VLANs" Can Layer 3 Save the Day?", Business Com- 
munications Review, Vol. 26, no. 12, December 1996, 
pages 47-50 and "Virtual LANs Come of Age" , Telecom- 

10 munications Vol. 30, no. 6, June 1 996, pages 48-52. 
[0006] Examples of virtual LAN networks are de- 
scribed in "Building Virtual LANs on a real-World Budget 
Lanart's Segway Works with Ethernet Switches to De- 
liver Virtual LANs Powers at a Low Cost", Data Commu- 

15 nications, Vol. 24, no 13, pp. 39-40. The Segway sys- 
tem, described in Data Communications Vol. 24, no. 13, 
provides a twenty-four port module for coupling work- 
stations to a LAN switch. Up to five of the modules may 
be interconnected to provide a virtual LAN of 120 net- 

20 work connections. 

[0007] As described in the above references. VLANs 
may be formed by defining logical groups of users within 
the VLAN. One such VLAN, known as a "port-based" 
VLAN, defines the VLAN as a collection of switch ports 

25 on one or more switches across a hub. Users connected 
to those defined switch ports therefore are members of 
the defined VLAN . Broadcast messages directed to that 
VLAN may be transmitted through the defined switch 
ports only. Known port-based VLANs typically are im- 

30 plemented on a switch to include a default VLAN, in ad- 
dition to other VLANs that may be formed on the switch. 
During manufacture, the default VLAN is defined as eve- 
ry port on a single switch. The number of switch ports 
defining the default VLAN decreases, however, as ports 

35 on the switch are used for defining other VLANs. Ac- 
cordingly, on an exemplary eight-port switch having a 
first VLAN defined by ports one and two, the default 
VLAN will be defined by remaining ports three through 
eight. 

40 [0008] However, port-based default VLANs may have 
data leakage problems that can compromise the secu- 
rity of data transmitted across the network. Specifically, 
port-based def au It VLANs transmit a data packet to eve- 
ry switch port when that packet is received by the default 

45 VLAN and is destined for a port that is not in the default 
VLAN. Continuing with the above example, a data pack- 
et received on a port defining the default VLAN (i.e., one 
of ports three through eight) and destined for another 
port also on the default VLAN will be transmitted to the 

50 destination port only. In the event that the data packet 
was destined for a port on the first VLAN (i.e., port one 
or two), however, the packet would be transmitted to all 
of the ports on the switch, thus creating the above men- 
tioned security problem. 

55 [0009] Accordingly, it would be desirable to provide a 
port-based default VLAN that prevents such leakage 
problems between VLANs. It is among the general ob- 
jects of this invention to provide such a device and meth- 
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od. 

Summary of The Invention 

[0010] In accordance with the pnnciples of the inven- 
tion, a port-based default VLAN is provided that pre- 
vents leakage problems across VLANs. To that end. the 
default VLAN includes means for transmitting data re- 
ceived by the default VLAN to ports defining the default 
VLAN only. No other ports on the switch will receive a 
data packet that was received on a port defining the de- 
fault VLAN. 

[0011] In accordance with another aspect of the in- 
vention, each of the ports on a plurality of switches con- 
nected to a hub are configured, during manufacture, to 
define a default VLAN spanning the plurality of switches. 
To that end : the default VLAN includes a bus in the hub, 
an enable switch for electrically connecting each of 
switches to the bus, and means for defining each of the 
switch ports as the default VLAN. 
[0012] It is among the objects of the invention to pro- 
vide port-based default VLAN and method that prevents 
leakage across the ports of a switch. 
[0013] It is another object of the invention to provide 
a port-based default VLAN that, is configured, during 
manufacture, to span a plurality of switches connected 
to a hub. 

Brief Description Of The Drawings 

[0014] The above and further advantages of the in- 
vention may be better understood by referring to the fol- 
lowing description in conjunction with the accompanying 
drawings and which: 

Figure 1 is a block schematic diagram of a partial 
data network assembly for implementation of the in- 
vention; 

Figure 2 is a block schematic diagram of a switch 

that forms a port-based, default VLAN; 

Figure 3 is a schematic diagram of a data packet; 

and 

Figure 4 is a flow chart that specifies the method 
used for preventing leakage from the default VLAN. 

Detailed Description Of A Preferred Embodiment 

[0015] Figure 1 shows a partial data network assem- 
bly 1 0 for implementation of the invention, comprising a 
hub 12 having hub ports 14, and switches 16 connected 
to the hub ports 14. The hub 12 may be a DEChub Mul- 
tiswitch 900, available from Digital Equipment Corpora- 
tion of Maynard, Massachusetts. Each of the switches 
16 has a plurality of switch ports 18 (e.g., eight) con- 
necting various network resources, such as servers, 
computers, and printers, to the network. A bus 20 span- 
ning each of the hub ports 14 may be enabled by an 
enable switch 24 to interconnect each of the switches 



1 6. This consequently interconnects each of the switch 
ports 18 across each of the interconnected switches 16. 
In the preferred embodiment, the bus 20 is enabled dur- 
ing manufacture, thus defining the default VLAN as all 
5 of the ports of the interconnected switches 16. The en- 
able switch 24 may be implemented as firmware within 
the hub 12, or as a manually actuated switch on the hub 
12. 

[001 6] New port-based VLANs may be formed across 
10 one or more of the switches 16 by selecting combina- 
tions of interconnected switch ports 18. Selected switch 
ports 1 8 for new VLANs consequently are removed from 
the default VLAN definition, thus reducing the size of the 
default VLAN. No data packets received on any one of 
15 the default VLAN ports may be transmitted to the ports 
that define other VLANs. 

[001 7] Figure 2 shows an exemplary eight port switch 
16 forming a default VLAN, VLAN 2, and VLAN 3. Ports 
one and two define the default VLAN, ports three to five 

20 define VLAN 2, and ports six to eight define VLAN 3. 
Data packets received on switch ports one or two may 
be transmitted to either or both of those switch ports 1 8 
only, thus preventing leakage to VLAN 2 and VLAN 3. 
For example, a data packet received on port two having 

25 a destination address of port four will be transmitted to 
both ports one and two only. Similarly, a data packet re- 
ceived on port two having a destination address of port 
one will be transmitted to port one only. VLAN 2 and 
VLAN 3 limit leakage in like fashion. 

30 [0018] Figure 3 shows a data packet 26, comprising 
a header 28 and an information field 30. The destination 
address of the data packet 26 is stored in the header 28 
of the data packet 26 . Th e switch port 1 8 associated with 
the destination address is ascertained by conventional 

35 means within the switch 16 receiving the data packet 
26. This information is used by the method shown in fig- 
ure 4. 

[0019] Figure 4 shows a flow chart that specifies the 
method used for preventing leakage from the default 

40 VLAN. More particularly, the destination port address is 
ascertained from the header 28 of a data packet re- 
ceived on one of the default VLAN ports (step 400). At 
step 402, it is determined if the destination port is one 
of the default VLAN ports. If the destination port is one 

45 of the default VLAN ports, that data packet is transmitted 
to the destination port only (step 404). If the destination 
port is not one of the default VLAN ports, the data packet 
is transmitted to all of the default VLAN ports only (step 
406). The data packet is transmitted to no other switch 

50 ports 18. 

[0020] The default VLAN may be assigned a default 
VLAN tag that is assigned to a data packet when it en- 
ters through one of the default VLAN ports. The switch 
16 then may be configured to prevent transmission of 
55 any data packet, having an associated default VLAN 
tag, through any of the other, non-default VLAN ports. 
[0021] The invention may be implemented by means 
of a programmable logic chip within the one or more 
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switches 16 used for the invention. The invention may 
also be implemented as firmware stored within those 
switches 16. Both implementations may be pro- 
grammed by conventional methods. 
[0022] In an alternative embodiment, the invention 
may be implemented as a computer program product 
for use with a computer system. Such implementation 
may include a series of computer instructions fixed ei- 
ther on a tangible medium, such as a computer readable 
media (e.g. diskette, CD-ROM, ROM. or fixed disk) or 
transmittableto a computer system, via a modem or oth- 
er interface device, such as communications adapter 
connected to the network over a medium. The medium 
may be either a tangible medium (e.g., optical or analog 
communications lines) or a medium implemented with 
wireless techniques (e.g., microwave, infrared or other 
transmission techniques). The series of computer in- 
structions embodies all or part of the functionality previ- 
ously described herein with respect to the invention. 
Those skilled in the art should appreciatethat such com- 
puter instructions can be written in a number of program- 
ming languages for use with many computer architec- 
tures or operating systems. Furthermore, such instruc- 
tions may be stored in any memory device, such as sem- 
iconductor, magnetic, optical or other memory devices, 
and may be transmitted using any communications 
technology, such as optical, infrared, microwave, or oth- 
er transmission technologies. It is expected that such a 
computer program product may be distributed as a re- 
movable media with accompanying printed or electronic 
documentation (e.g., shrink wrapped software), 
preloaded with a computer system (e.g.. on system 
ROM or fixed disk), or distributed from a server or elec- 
tronic bulletin board over a network (e.g., the Internet or 
World Wide Web). 

[0023] The inventive default VLAN thus prevents 
leakage to other VLANs by transmitting received data 
packets to default VLAN ports only. Security thus is en- 
sured for data packets transmitted to the default VLAN. 
Furthermore, the initial size and scope of the default 
VLAN is increased by enabling the enable switch 24, 
during manufacture, to interconnect each of the switch- 
es 16 connected to the hub 12. 
[0024] While the invention has been shown and de- 
scribed above with respect to various preferred embod- 
iments, it will be apparent that the foregoing and other 
changes of the form and detail may be made therein by 
one skilled in the art without departing from the scope 
of the invention. These and other obvious modifications 
are intended to be covered by the following claims. 



Claims 

1. A system to implement a port-based default VLAN 
formed on one or more interconnected networking 
switches (16), each switch (16) having one or more 
switch ports (18), all of the switch ports collectively 



being a plurality of switch ports, the default VLAN 
being defined by a first subset comprising one or 
more of the plurality of switch ports, the defined sub- 
set of the one or more of the plurality of switch ports 
5 being default VLAN ports, at least one of the plural- 
ity of switch ports not in the first subset of switch 
ports defining a second VLAN, the system compris- 
ing: 

10 means for receiving a data packet (26) through 

one of the default VLAN ports (1 ,2); 
means for ascertaining a destination port from 
the received data packet, the destination port 
being one of the plurality of switch ports; 
15 means for determining whether the destination 

port is one of the default VLAN ports: 
first means, responsive to the determining 
means, for transmitting the data packet to the 
destination port when the determining means 
20 determines that the destination port is one of 

the default VLAN ports; and 
second means, responsive to the determining 
means, for transmitting the data packet only to 
each of the other default VLAN ports when the 
25 determining means determines that the desti- 

nation port is not one of the default VLAN ports. 

wherein the at least one switch port defining 
the second VLAN is free from receiving the data 
30 packet. 

2. The system as defined by claim 1 wherein the data 
packet (26) includes a header (28) and the ascer- 
taining means ascertains the destination port from 
35 the packet header. 



3. The system as defined in claim 1 further including 
means for tagging the data packet as being in the 
default VLAN. 

40 

4. A method of limiting broadcast messages from a 
port-based default VLAN, the default VLAN formed 
on one or more interconnected networking switches 
(16), each switch having one or more switch ports 

45 (1 8), all of the switch ports collectively being a plu- 
rality of switch ports, the default VLAN being de- 
fined by a first subset comprising one or more of the 
plurality of switch ports, the defined first subset of 
one or more of the plurality of switch ports being 

50 default VLAN ports, at least one of the plurality of 
switch ports not in the first subset of switch ports 
defining a second VLAN, the method comprising: 

receiving a data packet through one of the de- 
55 fault VLAN ports; 

ascertaining (400) a destination port from the 
data packet, the destination port being one of 
the plurality of switch ports; 
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determining (402) whether the ascertained 
destination port is one of the default VLAN 
ports; 

transmitting (404) the data packet to the desti- 
nation port when the destination port is one of 
the default VLAN ports; and 
only transmitting (406) the data packet to each 
of the other default VLAN ports when the des- 
tination port is not one of the default VLAN 
ports. 

5. The method as defined by claim 4 further including: 

tagging the data packet as being in the default 
VLAN. 

6. A data network assembly (10) comprising: 

a hub (12) having at least two networking 
switches (16) connected thereto, each switch 
having one or more switch ports (1 8); 
a bus (20) in the hub; 

an enable switch (24) to electrically connect 
each of the switch ports to the bus; 
means for defining a subset of the switch ports 
as a default VLAN; and 
meansfortransmitting packets received on one 
of the switch ports of the defined subset only to 
the other switch ports of the defined subset so 
as to prevent transmission to switch ports that 
are not in the default VLAN. 



Patentanspriiche 

1. Portgestutztes Standard-VLAN, welches auf einem 
oder mehreren zusammen geschalteten Vernet- 
zungs-Schaltern (16) ausgebildet ist, wobei jeder 
Schalter (16) einen oder mehrere Schalterer-An- 
schlusse (1 8) aufweist, wobei samtliche der Schal- 
ter-Anschlusse gemeinsam eine Vielzahl von 
Schalter-Anschlussen darstellen, wobei das Stan- 
dard-VLAN definiert ist durch eine ersteTeilmenge, 
welche einen oder mehrere der Vielzahl von Schal- 
ter-Anschlussen umfasst, diebestimmteTeilmenge 
der einen oder mehreren der vielzahl von Schalter- 
Anschlussen Standard-VLAN-Anschlusse sind, zu- 
mindest eine der Vielzahl von Schalter-Anschlus- 
sen, die nicht in der ersten Teilmenge von Schalter- 
Anschlussen ist, definiert ein zweites VLAN, wobei 
das System Folgendes aufweist: 

Mittel zum Empfang eines Datenpaketes (26) 
uber einen der Standard-VLAN-Anschlusse 
(1,2); 

Mittel zur Ermittlung eines Zielanschlusses von 
dem empfangenen Datenpaket, wobei derZiel- 
anschluss einer aus der Vielzahl von Schalter- 



Anschlussen ist; 

Mittel zur Bestimmung ob der Zielanschluss ei- 
ner der Standard-VLAN-Anschlusse ist; 
Erstes Mittel, welches auf das Mittel zur Be- 
5 stimmung anspricht zur Ubermittlung des Da- 

tenpaketes an den Zielanschluss, wenn das 
Mittel zur Bestimmung festlegt, dass der Ziel- 
anschluss einer der Standard-VLAN-Anschlus- 
se ist; und 

10 - Zweites Mittel, welches auf das Mittel zur Be- 
stimmung anspricht, zur Ubertragung des Da- 
tenpaketes lediglich zu jedem der anderen 
Standard-VLAN-Anschlusse, wenn das Mittel 
zur Bestimmung festlegt, dass der Zielan- 

'5 schluss nicht einer der Standard-VLAN-An- 

schlusse ist; 

worin der zumindest eine Schalter-Anschluss, 
der das zweite VLAN bestimmt, frei von einem 
Empfang des Datenpaketes ist. 



20 



25 



Netzwerk nach Anspruch 1 . worin das Datenpaket 
(26) ein Kopfteil (28) beinhaltet und das Mittel zur 
Bestimmung den Zielanschluss von dem Paketkopf 
ermittelt. 

Netzwerk nach Anspruch 1, welches weiterhin ein 
Mittel zur Markierung des Datenpaketes als in dem 
Standard-VLAN vorhanden beinhaltet. 



30 4. Verfahren zur Beschrankung allgemeiner Meldun- 
gen von einem portgestiitzten standard virtuellen 
lokalen Neztwerk (VLAN) ; wobei des Stan- 
dard-VLAN auf einem oder mehreren zusammen- 
geschalteten Vernetzungs-Schaltern (1 6) ausgebil- 

35 det ist, jeder Schalter einen oder mehrere Schalter- 
Anschlusse (18) aufweist, samtliche der Schalter- 
Anschlusse gemeinsam eine Vielzahl von Schalter- 
Anschlussen sind, der Standard-VLAN definiert 
wird durch eine erste Teilmenge, die einen oder 

40 mehrere aus der Vielzahl von Schlater-Anschlus- 
sen umfasst, die bestimmte erste Teilmenge des ei- 
nen oder mehreren der Vielzahl von Schalter-An- 
schlussen Standard-VLAN-Anschlussse sind, zu- 
mindest einer aus der Vielzahl von Schalter-An- 

45 schlussen, der nicht in der ersten Teilmenge von 
Schalteranschlussen enthalten ist, ein zweites 
VLAN bestimmt und das Verfahren Folgendes auf- 
weist: 

50 - Empfangen eines Datenpaketes ubereinen der 
Standard-VLAN-Anschlusse; 
Ermittlung (400) eines Zielanschlusses von 
dem Datenpaket, wobei der Zielanschluss ei- 
ner aus der Vielzahl von Schalteranschlussen 

55 ist; 

Bestimmung (402) ob der ermittelte Zielan- 
schluss einer der Standard-VLAN-Anschlusse 
ist; 
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Ubertragung (404) des Datenpaketes an den 
Zielanschluss, wenn der Zielanschluss einer 
der Standard-VLAN-Anschlusse ist; und 
Ubertragung (406) des Datenpaketes zu jedem 
der anderen Standard-VLAN-Anschlusse, 
wenn der Zielanschluss nicht einer der Stan- 
dard-VLAN-Anschlusse ist. 

5. Verfahren nach Anspruch 4, welches weiterhin auf- 
weist: Markieren des Datenpaketes als in dem 
Standard-VLAN befindlich. 

6. Netzwerkaufbau (10), welcher Folgendes aufweist: 

einen Hub (12) mit zumindest zwei damit ver- 
bundenen Vernetzungs-Schaltern (16), wobei 
jeder Schalter einen oder mehrere Anschlusse 
(18) aufweist; 

einen Bus (20) in dem Hub; 
einen Freigabeschalter (24) zur elektrischen 
Verbindung eines jeden der Schalteranschlus- 
se mit dem Bus; 

Mittel zur Bestimmung einer Teilmenge von 
Schalteranschlussen als ein Standard-VLAN ; 
und 

Mittel zur Ubertragung von Paketen, die auf ei- 
nem der Schalter-Anschlusse der bestimmten 
Teilmenge empfangen werden, lediglich zu den 
anderen Schalter-Anschlussen der bestimm- 
ten Teilmenge urn eine Ubertragung an Schal- 
ter-Anschlusse zu verhindern, die sich nicht in 
dem Standard-VLAN befinden. 



Revendications 

1 . Systeme pour mettre en oeuvre un VLAN par defaut 
a points d'acces forme sur un ou plusieurs commu- 
tateurs en reseau interconnectes (16), chaque 
commutateur (1 6) ayant un ou plusieurs points d'ac- 
ces de commutateur (18), tous les points d'acces 
de commutateur formant collectivement une plura- 
lity de points d'acces de commutateurs, le VLAN 
par defaut etant defini par un premier sous-ensem- 
ble comprenant un ou plusieurs de la pluralite de 
points d'acces de commutateur, le sous-ensemble 
defini d'un ou plusieurs de la pluralite de points d'ac- 
ces de commutateur etant des acces de VLAN par 
defaut, au moins de la pluralite de points d'acces 
de commutateur ne faisant pas partie du premier 
sous-ensemble de points d'acces de commutateur 
definissant un second VLAN, le systeme 
comprenant : 

des moyens pour recevoir un paquet de don- 
nees (26) par I'intermediaire de I'un des acces 
de VLAN par defaut (1,2); 
des moyens pour fixer un acces de destination 



a partir du paquet de donnees recu, I'acces de 
destination etant I'un de la pluralite de points 
d'acces de commutateur ; 
des moyens pour determiner si I'acces de des- 
5 tination est I'un des acces de VLAN par defaut ; 

des premiers moyens, agissanten reponse aux 
moyens de determination, pour transmettre le 
paquet de donnees a I'acces de destination 
quand les moyens de determination determi- 
ne nent que I'acces de destination est I'un des ac- 
ces de VLAN par defaut ; et 
des seconds moyens, agissant en reponse aux 
moyens de determination, pour transmettre le 
paquet de donnees seulement a chacun des 
15 autres acces de VLAN par defaut quand les 
moyens de determination determined que I'ac- 
ces de destination n'est pas I'un des acces de 
VLAN par defaut ; 

20 dans lequel au moins un point d'acces de 

commutateur definissant le second VLAN est libre 
pour recevoir le paquet de donnees. 

2. Systeme selon la revendication 1 , dans lequel le pa- 
25 quet de donnees (26) comprend une entete (28) et 

les moyens de fixation fixent I'acces de destination 
a partir de I'entete de paquet. 

3. Systeme selon la revendication 1 , comprenant en 
30 outre des moyens pour etiqueter le paquet de don- 
nees comme etant dans le VLAN par defaut. 

4. Procede pour limiter des messages d'emission a 
partir d'un VLAN par defaut a points d'acces, le 

35 VLAN par defaut etant forme d'un ou plusieurs com- 
mutateurs en reseau interconnectes (16), chaque 
commutateur comportant un ou plusieurs points 
d'acces de commutateur (18), tous les points d'ac- 
ces de commutateur formant collectivement une 

40 pluralite de points d'acces de commutateur, le 
VLAN par defaut etant defini par un premier sous- 
ensemble comprenant un ou plusieurs de la plura- 
lite de points d'acces de commutateur, le premier 
sous-ensemble defini d'un ou plusieurs de la plura- 

45 lite de points d'acces de commutateur etant des ac- 
ces de VLAN par defaut, au moins un de la pluralite 
de points d'acces de commutateur ne faisant pas 
partie du premier sous-ensemble de points d'acces 
de commutateur definissant un second VLAN, le 

50 procede comprenant : 

recevoir un paquet de donnees par I'interme- 
diaire de I'un des acces de VLAN par defaut ; 
fixer (400) un acces de destination a partir du 
55 paquet de donnees, I'acces de destination 

etant I'un de la pluralite de points d'acces de 
commutateur ; 

determiner (402) si I'acces de destination fixe 
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est I'un des acces de VLAN par defaut ; 
transmettre (404) le paquet de donnees a I'ac- 
ces de destination quand I'acces de destination 
est I'un des acces de VLAN par defaut ; et 
transmettre seulement (406) le paquet de don- 5 
nees a chacun des autres acces de VLAN par 
defaut quand I'acces de destination n'est pas 
I'un des acces de VLAN par defaut. 

Procede selon la revendication 4, comprenant un 10 
etiquetage du paquet de donnees comme etant 
dans le VLAN par defaut. 



Structure de reseau de donnees (1 0) comprenant : 



15 



un repartiteur (12) comprenant au moins deux 
commutateurs en reseau (1 6) qui lui sont con- 
nected, chaque commutateur comprenant un 
ou plusieurs points d'acces de commutateur 
(18); 20 
un bus (20) dans le repartiteur ; 
un commutateur de validation (24) pour relier 
electriquement chacun des points d'acces de 
commutateur au bus ; 

des moyens pour definir un sous-ensemble des 25 
points d'acces de commutateur en tant que 
VLAN par defaut ; et 

des moyens pour transmettre des paquets re- 
gus au niveau de I'un des points d'acces de 
commutateur du sous-ensemble defini seule- 30 
ment aux autres points d'acces de commuta- 
teur du sous-ensemble defini defacon aempe- 
cher la transmission vers des points d'acces de 
commutateur qui ne sont pas dans leVLAN par 
defaut. 35 
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